10GbE Hardware Recommendations

  • I'd like to preface this by saying some of the requirements/requests are likely overkill. I prefer to build in overhead and like working my way from top to bottom in terms of performance.

    I currently have a 1Gb/s up/down connection and will possibly be upgraded to 2Gb/s in the near future. I'm currently thinking that I would like to use the pfSense box to handle the 10GbE connections, which would include my personal PC, FreeNAS/RockStor NAS, a switch, and an AP. Additional devices would be connected via the switch. I'm planning on using Snort, Squid, OpenVPN and probably a few others as I continue to dive in. The system will be rack mounted, but I would like to try to keep it relatively quiet. I'm currently in the process of planning out the entire network, so comments on any of the pieces are appreciated.

  • I have no knowledge of hardware below the $ridiculous dollar range that will do snort/openvpn at even 5gb/s.

    also: rack hardware that's relatively quiet is hard to find - rack hardware that can push 10GbE and is relatively quiet is probably non-existent.

  • http://store.pfsense.org/XG-1540/

    this could potentially get you well past the 2gbit marker just doing NAT.

    no clue what it would do when adding snort.

    openvpn at 2gbit is probably impossible using freebsd at this time. this might improve when the next version of openvpn comes around (no clue when that'll be)

  • @Mallard

    Take two D-Link DGS1510-20 switches for the 10 GBit/s LAN routing and let the pfSense
    be smaller and feed it with 2 x 1 GBit/s WAN connections. So the pfSense is powerful
    enough for the WAN only routing and the switches will be sufficient enough for the LAN

    Otherwise, and as suggested before, the XG-1540 together with a Chelsio adapter will also do this
    job for you.

  • You will have more luck with Suricata than Snort at 10gbps. The former is multithreaded.

    A Chelsio t420 + an i7 (1550/1551) or equivalent Xeon would do it for you. Just grab 6-8 gig of RAM.

    You could look at some MikroTik switch gear if you are looking to save some $$
